On September 8, 2025, SwissBorg, a Switzerland-based cryptocurrency wealth management platform, announced a significant security breach that resulted in the theft of approximately 193,000 Solana (SOL) tokens, valued at around $41 million.
The incident, which targeted the platform’s SOL Earn program, was caused by a compromised third-party API from their staking partner, Kiln.
While the breach impacted only 1% of SwissBorg’s user base and roughly 2% of its total assets under management (AUM), it has sparked renewed concerns about the vulnerabilities of third-party integrations in the crypto industry.
SwissBorg has responded, pledging to reimburse affected users and collaborating with industry professionals to recover the stolen funds.
The breach was first brought to public attention by on-chain investigator ZachXBT, who reported the theft of 192,600 SOL on the Solana blockchain.
SwissBorg confirmed the incident, clarifying that the exploit originated from Kiln’s API, not from a direct attack on their core systems.
The SOL Earn program allows users to stake Solana tokens through SwissBorg’s app to earn rewards without managing complex validator nodes or decentralized finance (DeFi) protocols.
Kiln, a staking infrastructure provider, facilitates these transactions by connecting SwissBorg’s platform to Solana’s staking network.
Hackers exploited a vulnerability in Kiln’s API, manipulating requests to siphon off the funds, which were later traced to a wallet labeled “SwissBorg Exploiter” on Solscan.
SwissBorg’s CEO, Cyrus Fazel, addressed the incident in a live YouTube broadcast on September 8, emphasizing that the company’s main application and other Earn programs for assets like Bitcoin and Ethereum remained secure.
Fazel said:
“This was not a hack of SwissBorg itself.”
He described the attack as an external compromise through a trusted partner.
He acknowledged the emotional toll on affected users, noting;
“It’s never easy to admit we’ve lost funds, but it’s in these moments we show our commitment to our community.”
The company has assured users that its financial health remains robust, with daily operations continuing uninterrupted.
To mitigate the impact, SwissBorg has allocated treasury funds to compensate affected users, with Fazel confirming that the company has sufficient resources to cover the losses.
The platform is also working with white-hat hackers, blockchain investigators, and partners like Fireblocks and the Solana Foundation to track the stolen funds.
Some transactions linked to the exploit have already been blocked on multiple exchanges, limiting the hackers’ ability to liquidate the assets.
SwissBorg has said it would contact affected users directly via email with detailed next steps and to provide regular updates throughout the recovery process.
The incident underscores the growing risks of third-party dependencies in the crypto ecosystem.
APIs, which act as bridges between platforms and external systems, can become weak points if not rigorously audited.
Despite SwissBorg’s due diligence in selecting Kiln, described by Fazel as “one of the best partners in the world,” the breach highlights how even trusted providers can expose vulnerabilities.
This event comes amid a wave of supply chain attacks in the crypto space, including a recent $2.4 million exploit of the Nemo Protocol on the Sui blockchain and a $4.65 million rug pull by the Solana-based Aqua project, both reported on the same day.
SwissBorg’s response has been praised as a model for crisis management, with its commitment to transparency and user reimbursement aiming to set a high standard.
The company plans to implement enhanced security measures to prevent future incidents and is collaborating with global law enforcement to pursue the perpetrators.
For the broader crypto industry, this breach serves as a stark reminder of the need for proper security protocols, especially when integrating third-party services.
As SwissBorg works to restore user trust, the incident may prompt other platforms to reassess their own vulnerabilities, reinforcing the importance of resilience and accountability in the face of evolving cyber threats.